Scammers Distribute Fake Microsoft Office USB Sticks With Malware

News
By
published

Counterfeit Microsoft Office USB sticks contain ransomware.

Microsoft
(Image credit: Martin Pitman/LinkedIn)

One of the easy ways to quickly get malware on a victim's PC is to trick them into thinking that they are getting something for free and make them install everything themselves. It is what criminals from the U.K. do in a bid to steal money from their targets.

Scammers from the U.K. send USB drives with Microsoft's Office suites in seemingly real Microsoft packaging to random addresses trying to make victims think that they received a legitimate Office Professional Plus (worth $439) by mistake. After the victim plugs the USB drive into their PC, it is not an Office launch installation wizard but encourages people to call a fake support line. The latter then persuades the casualty to hand over remote access to the PC and provide them payment information, reports Sky News.

"As soon as they had plugged the USB into the computer, a warning screen appeared saying there was a virus," said Martin Pitman, a cybersecurity consultant for Atheniem. "To get help and fix the issue, they needed to call a toll-free number to get the computer up and running again. As soon as they called the number on screen, the helpdesk installed some sort of [remote access program] and took control of the victim's computer. Here the hackers 'sorted' the problem and then passed the victim over to the Office 365 subscription team to help complete the action."

Baiting attacks are nothing new, but they target specific victims and rarely use postal packages for various reasons. But the fraudsters from the U.K. targeted random people using postal packages, according to the cybersecurity expert. Such targeting may seem inefficient, but if you send out a thousand counterfeit Microsoft Office packages and steal money from a few dozens of people, the act will quickly pay for itself. Moreover, it could be more efficient than sending out millions of fraudulent emails, as people these days are aware of email scammers.

Microsoft is aware of the issue but says it is a rare occurrence. However, it is not so rare for Microsoft to be mindful of it and launch an internal investigation. Nowadays, the company prefers to distribute its software via the Internet and advises its customers to visit an appropriate support page to find out how to avoid fraud and scams.

Anton Shilov
Anton Shilov
Contributing Writer

Anton Shilov is a contributing writer at Tom’s Hardware. Over the past couple of decades, he has covered everything from CPUs and GPUs to supercomputers and from modern process technologies and latest fab tools to high-tech industry trends.

12 Comments Comment from the forums
  • Alvar "Miles" Udell
    Package: CD Key Only - No Disc
    Package: Contains drive

    Yeah, nothing suspect about that at all....
    Reply
  • USAFRet
    Alvar Miles Udell said:
    Package: CD Key Only - No Disc
    Package: Contains drive

    Yeah, nothing suspect about that at all....
    You say that, but I know some people who would plug that into their PC.

    And then, when their AV said 'DANGER!"
    ...they would purposely bypass and ignore.

    Heck...we see those people here every day.
    Reply
  • Alvar "Miles" Udell
    USAFRet said:
    You say that, but I know some people who would plug that into their PC.

    And then, when their AV said 'DANGER!"
    ...they would purposely bypass and ignore.

    Heck...we see those people here every day.

    I think we're all related to people like that who would then call us to help them.
    Reply
  • Gam3r01
    USAFRet said:
    You say that, but I know some people who would plug that into their PC.

    And then, when their AV said 'DANGER!"
    ...they would purposely bypass and ignore.

    Heck...we see those people here every day.
    Can confirm, nearly every single person working in my office would have done so.
    We had a software get updated and it got flagged by our systems as unsafe, so I asked IT about it and they said nobody mentioned it yet. Asked around and everyone else just bypassed the warning and installed anyway.
    Reply
  • Geef
    Buys box that says:

    Micorsoft Off iceInstall USB
    Reply
  • -Fran-
    WHERE CAN I GET A COPY?

    Asking for a friend.

    Regards xD
    Reply
  • dimar
    Where did these people purchase it from? Amazon or somewhere else?
    Reply
  • USAFRet
    dimar said:
    Where did these people purchase it from? Amazon or somewhere else?
    They did not purchase it:
    "Scammers from the U.K. send USB drives with Microsoft's Office suites in seemingly real Microsoft packaging to random addresses trying to make victims think that they received a legitimate Office Professional Plus (worth $439) by mistake. "
    Reply
  • husker
    Wait a minute. Users plug a USB drive into their computer, and the scammers still require them to call in and hand over control during the call? I'm no hacker, but it seems to me that if you got someone to plug in a USB drive you should be able to install the ransomware that way.
    Reply
  • USAFRet
    husker said:
    Wait a minute. Users plug a USB drive into their computer, and the scammers still require them to call in and hand over control during the call? I'm no hacker, but it seems to me that if you got someone to plug in a USB drive you should be able to install the ransomware that way.
    Thats the way a LOT of these scams work.
    Throw up a screen saying "You are infected! Cal 555-1212 to fix"

    Actually getting something to install requires at least a couple of slicks, and maybe a password.
    It goes MUCH easier if a nice man on the phone is helping you 'fix' your system...;)
    Reply